notrubberduck
"Every feature is a potential vulnerability."
Overview
Offensive Security Research & Documentation
A technical repository for advanced exploitation methodologies, CVE analysis, and infrastructure assessments. This platform documents the deconstruction of secure systems, focusing on logic flaws, Active Directory, and architectural vulnerabilities.
Latest Reports
[REPORT] Burp Discord Activity – Build a Burp Suite Extension with Discord Rich Presence
January 03, 2026
A handcrafted Burp Suite extension that integrates Discord Rich Presence. Built using the Montoya API with real-time activity tracking, scope detection, and minimal resource usage.
[REPORT] Breaking MongoDB with MongoBleed: CVE-2025-14847 Deep Technical Analysis
December 29, 2025
MongoBleed (CVE-2025-14847) is a critical unauthenticated MongoDB vulnerability that allows remote attackers to leak uninitialized server memory via a zlib decompression flaw. This deep-dive explains the root cause, exploitation techniques, detection methods, and mitigation strategies to protect exposed MongoDB deployments.
Targets & Tools
[TOOL] Burp Discord Activity
A lightweight Burp Suite extension that integrates Discord Rich Presence to display real-time security testing activity using the Montoya API.
[TOOL] Dns-Exfiltration
A Python-based DNS server that can receive and reconstruct data transmitted through DNS queries. This tool is useful for data exfiltration scenarios where traditional network communication methods are restricted.